W3C home > Mailing lists > Public > www-talk@w3.org > May to June 1996

Re: Re[2]: creating a mSQL database with a www cgi

From: ALASTAIR AITKEN CLMS <A.Aitken@unl.ac.uk>
Date: Mon, 13 May 1996 09:41:21 +0000 (GMT)
To: Jason.T.Vincent@jpl.nasa.gov
Cc: www-talk@w3.org
Message-Id: <01I4NHRFXJRW9ZLES4@grid.unl.ac.uk>
Jason,

>     I've tried the idea of creating a directory owned by 'nobody' in my 
>     web pages at my college.  My friends (which have way too much free 
>     time) wrote their own cgi's and was able to edit that directory.  It 
>     was ok for those pages, but these are government pages, they must be 
>     as secure as possible.  Can this still be done if the directory is 
>     secured with a .htaccess file????
     
I use uname/pword control for the management routines of an employment vacancies
database:

http://www.unl.ac.uk/openings_2.01b/op_mngmnt/	# the management routines
http://www.unl.ac.uk/openings_2.01b/		# the user interface

Having all the data owned by nobody simplifies greatly my problems with
file permissions but, in addition, I use the Netscape Commerce Server's
authentication facilities to uname/pword protect this area.  I think
you would need something like this as well.  I can't remember whether
.htaccess is an NCSA or a CERN feature or both but if it doesn't support
uname/pword access control then it won't be sufficient.

I guess open government doesn't extend to allowing the general public the
right to make up the information. ;-)

No security scheme is perfect.  Some people do nothing other than devising
and testing security systems.  Thanks, people. 

Alastair Aitken http://www.unl.ac.uk/~alastair mailto:a.aitken@unl.ac.uk
Received on Monday, 13 May 1996 04:41:32 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 27 October 2010 18:14:19 GMT